Data breaches. You’ve heard about them in the news and on social media by now. But with the growing complexity of cyber-attacks, do you know if your motorsports dealership is prepared for the full range of risks it could face?
According to the 2020 Cost of Data Breach Report released by IBM, the average total cost of a business data breach is $3.86 million. Even worse, lost business costs account for nearly 40% of that total due to increased customer turnover, lost revenue associated with system downtime and added costs to acquire new business due to a diminished reputation. In short, just one data breach could have detrimental—and lasting—impacts on your dealership.
Below are risks and tips we’ve helped other motorsports dealers with at Sentry. My hope is that you discover at least one new idea to take back to your dealership so that your team can focus on delivering motorsports to customers, with confidence that your data is secure.
Ransomware is malicious software that restricts access to files on an infected machine—usually by encrypting them. An attacker then demands a ransom payment in exchange for restoring access to the files by providing the key to decrypt the data. While ransomware is unpredictable, there are several steps you can take to reduce your dealership’s risks:
- Ensure that your anti-virus software is up to date.
- Apply vulnerability patches as soon as you’re able and enable automated patches for your operating system, software, firmware, and web browsers.
- Consider network segmentation.
- Implement and test a data backup and recovery plan to maintain copies of your sensitive data in a separate and secure location, preferably offline or with a trusted cloud solution.
- Establish firewall settings that prevent access to known malicious IP addresses.
- Make sure that backup copies of sensitive data aren’t readily accessible from local networks.
- Train your employees on how to avoid phishing attempts. Test them frequently to maintain awareness.
- Enable strong identity and access-management programs with established principles of least privilege, or “need to know.”
If your dealership faces the unfortunate event of a ransomware infection, there are several ways you can respond. First, disconnect any infected machines from your network and contact both law enforcement and your insurance provider immediately.
Next, evaluate the extent of the infection, identify the ransomware type, and determine whether the infected machine was connected to shared or unshared network drives, external hard drives, USBs or cloud-based storage. You’ll also want to check for any registry entries or file listings created by the ransomware.
Finally, clean the ransomware from your systems, reinstall the operating system, and restore your data from a reliable backup. A well-organized backup plan is one of the best countermeasures your dealership can take against ransomware.
Another rising issue many motorsports dealers face is fraudulent impersonation. This can happen when someone who appears to be a legitimate vendor of your dealership asks your business to modify wire payment instructions, such as by supplying a different bank and routing number. If a member of your team completes the request, the hacker who impersonated your business’s vendor becomes the recipient of those funds, sometimes in the tens or hundreds of thousands of dollars, which may be unrecoverable in some instances.
This specific cyberattack has been an increasing trend during 2020. However, you can reduce the likelihood and risk of these incidents by requiring a multi-step confirmation process. Before altering payment instructions, confirm the transaction through a known telephone number of your vendor, not the one listed in the email. If everything checks out, require dual signoffs to confirm each request is reviewed thoroughly. As with any significant change, two sets of eyes are better than one. If an impersonating attacker does access your dealership’s finances, insurance coverage may be available depending on your carrier.
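The confirmation process described above can be enforced in an accounts-payable workflow rather than left to memory. The sketch below is an added example, not from Sentry or the original article; the `ChangeRequest` fields, the `VENDOR_PHONES` table and every number in it are hypothetical, constructed values.

```python
from dataclasses import dataclass, field


@dataclass
class ChangeRequest:
    vendor_id: str
    new_routing: str
    new_account: str
    phone_in_request: str            # number supplied in the email; never trusted
    callback_number: str = ""        # number staff actually dialed to confirm
    callback_confirmed: bool = False
    approvers: set = field(default_factory=set)  # a set, so one person counts once


# Constructed vendor master file: contact numbers recorded before any request arrived.
VENDOR_PHONES = {"V-1001": "+1-555-0100"}


def normalize(phone: str) -> str:
    """Compare phone numbers on digits only, ignoring punctuation and spacing."""
    return "".join(ch for ch in phone if ch.isdigit())


def review(req: ChangeRequest, vendor_phones: dict = VENDOR_PHONES) -> list:
    """Return the reasons to block; an empty list means the change may be applied."""
    problems = []
    on_file = vendor_phones.get(req.vendor_id)
    if on_file is None:
        problems.append("vendor has no phone number on file")
    elif normalize(req.callback_number) != normalize(on_file):
        # Covers both "nobody called" and "called the number from the email".
        problems.append("callback was not made to the number on file")
    if not req.callback_confirmed:
        problems.append("vendor did not confirm the change by phone")
    if len(req.approvers) < 2:
        problems.append("needs sign-off from two different people")
    return problems


if __name__ == "__main__":
    spoofed = ChangeRequest("V-1001", "000000000", "000123", "+1-555-0199",
                            callback_number="+1-555-0199", callback_confirmed=True,
                            approvers={"alice"})
    print(review(spoofed))
```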
The importance of device encryption
As a parting piece of advice, don’t underestimate the value of encrypting your email, devices, and disks. Without encryption, an attacker may be able to intercept and read your messages in plain text, and you won’t know how many places the data is stored, or even whether it was intercepted.
Your encryption plan will mostly depend on your dealership’s size, budget, and technical needs. However, the following checklist should help you get started:
- Identify your sensitive data: Determine which data in your organization needs encrypting.
- Determine your budget: Encryption products range from free open-source tools to paid solutions designed for large organizations.
- Find a solution: Choose encryption software that implements the Advanced Encryption Standard (AES) algorithm, the industry standard specified by the National Institute of Standards and Technology. All three AES standard key lengths provide robust, industry-standard encryption.
- Configure email software: Set up your software to encrypt messages automatically. This way, employees won’t forget or skip encryption.
- Encourage others: Work with external parties to set up compatible email encryption systems so you can send each other secure messages easily.
- Enforce a password policy: Consider using long passwords—not just the 4-digit PINs or geometric patterns that are often the default on smartphones.
- Train your employees: Teach them how encryption works, why it’s a critical component of your cybersecurity policy,
Data breaches and other malicious activities aren’t going away, but keeping your team prepared for the latest exposures can help lower your business’s risks. With the new year quickly approaching, consider reviewing your dealership’s coverages to make sure you’re properly protected from a costly data breach. While this isn’t a comprehensive list, I hope it can serve as a starting point for your business.
For more information and recommendations, speak with your local experts, insurer or business’s attorney to make sure you’re covered.
Dan Zastava is the director of corporate underwriting and product development for Sentry Insurance a Mutual Company, which is headquartered in Stevens Point, Wisconsin. Visit sentry.com to learn about the insurance, retirement products and risk management solutions Sentry provides to motorsports dealers.